search

freephile / meza

Setup an enterprise MediaWiki server with simple commands
MIT License
0 stars 0 forks source link

Upgrade PHP from 7.4 to 8.1 #13

Closed freephile closed 7 months ago

freephile commented 7 months ago

Current version is unsupported

The current version is 7.4.33 (fpm-fcgi). This is unsupported in the PHP community, even from a security standpoint.

  1. https://endoflife.date/php
  2. https://www.php.net/supported-versions.php

Target considerations

We can do this (even without upgrading Rocky Linux - which would entail more work). The best version to upgrade to on Rocky Linux 8 would be PHP 8.1.27 A near future upgrade to Rocky Linux 9.x will make it easier for us to further upgrade to PHP 8.2.x or even 8.3.x. (8.2.16 and 8.3.3 available at the time of writing as of 2024-02-22)

Constraints

A limiting constraint is the PHP support in MediaWiki core (and thus extensions). WMF has been slow to transition to newer PHP versions. The best we can do at present is upgrade to PHP 8.1 - with the risk that some extensions may not be compatible.

  1. https://www.mediawiki.org/wiki/Support_policy_for_PHP
  2. https://www.mediawiki.org/wiki/Compatibility#PHP
  3. https://phabricator.wikimedia.org/T319432 << Indicates the work in progress of adopting PHP 8.1

HowTo run PHP 8.1 on RockyLinux 8.x

  1. https://rpms.remirepo.net/wizard/

    Additional information

  2. https://www.linuxcapable.com/how-to-install-remi-rpm-on-rocky-linux/
  3. https://github.com/geerlingguy/ansible-role-repo-remi

Operating system: EL8 Wanted PHP version: 8.1.27 (security only support through November 2024) Type of install: single version (default) Architecture: x86_64

The Remi Wizard tells us

  1. CentOS 8 provides PHP version 7.4, 8.0 in its official repository

  2. Command to enabled the CRB repository: dnf config-manager --set-enabled powertools

  3. Command to install the EPEL repository configuration package: dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

  4. Command to install the Remi repository configuration package: dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

  5. You want a single version (We're not trying to run multiple versions of PHP simultaneously.) which means replacing base packages from the distribution

  6. Packages have the same name as in the base repository, ie php-*

  7. Some common dependencies are available in remi-safe repository, which is enabled by default

  8. PHP version 8.1 packages are available for CentOS 8 in remi-modular repository

  9. You have to enable the module stream for 8.1, and update the old version if installed: dnf module switch-to php:remi-8.1

  10. If no version is installed, command to install the php stream default profile: dnf module install php:remi-8.1

  11. Command to install additional packages (xxx for SAPI or extension name): dnf install php-xxx

  12. Command to install testing packages: dnf --enablerepo=remi-modular-test install php-xxx

  13. Command to check the installed version and available extensions: php --version php --modules

freephile commented 7 months ago

Step 2 comment

CRB is "Code Ready Builder" - PowerTools was a carryover from CentOS, which is still the equivalent of CRB in RHEL. crb will be the repository name going forward in Rocky Linux and other derivatives starting with version 9. Rocky Linux 8 matches CentOS's use of PowerTools in order to be as compatible as possible with what users expect from a rebuild of version 8.

source: https://wiki.rockylinux.org/rocky/repo/

Status

dnf config-manager --set-enabled powertools is handled by getmeza.sh on line 85 - but only if epel.repo is not found in /etc/yum.repos.d/

Meanwhile, the Ansible role named 'base' in ./src/roles/base/tasks/main.yml ensures that 'epel-release' is installed with the Ansible tag 'latest'.

freephile commented 7 months ago

Step 3 comment

The docs from the Fedora project https://docs.fedoraproject.org/en-US/epel/#_rhel_8 shows that e.g. dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm is for RHEL8 while for Rocky Linux 8, you want to issue a

dnf config-manager --set-enabled powertools
dnf install epel-release

In any event, Meza does already install the EPEL repository when Rocky Linux is your distro.

What are my repos? Is EPEL installed?

userx@localhost meza]$ sudo dnf install epel-release Last metadata expiration check: 0:24:32 ago on Thu 22 Feb 2024 09:09:53 PM EST. Package epel-release-8-19.el8.noarch is already installed. Dependencies resolved. Nothing to do. Complete! [userx@localhost meza]$ `sudo dnf repolist` ``` repo id repo name appstream Rocky Linux 8 - AppStream baseos Rocky Linux 8 - BaseOS centos-ansible-29 CentOS Configmanagement SIG - ansible-29 epel Extra Packages for Enterprise Linux 8 - x86_64 extras Rocky Linux 8 - Extras netdata-edge Netdata Edge netdata-repoconfig Netdata Repository Config powertools Rocky Linux 8 - PowerTools ``` [userx@localhost meza]$ `sudo dnf repolist -vvv` ``` Loaded plugins: builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, groups-manager, kpatch, needs-restarting, playground, repoclosure, repodiff, repograph, repomanage, reposync, system-upgrade DNF version: 4.7.0 cachedir: /var/cache/dnf Last metadata expiration check: 0:29:14 ago on Thu 22 Feb 2024 09:09:53 PM EST. Repo-id : appstream Repo-name : Rocky Linux 8 - AppStream Repo-revision : 8.9 Repo-distro-tags : [cpe:/o:rocky:rocky:8]: , , 8, L, R, c, i, k, n, o, u, x, y Repo-updated : Tue 20 Feb 2024 11:02:31 PM EST Repo-pkgs : 7,621 Repo-available-pkgs: 6,164 Repo-size : 15 G Repo-mirrors : https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=AppStream-8 Repo-baseurl : https://rocky-linux-us-west2.production.gcp.mirrors.ctrliq.cloud/pub/rocky//8.9/AppStream/x86_64/os/ : (42 more) Repo-expire : 172,800 second(s) (last: Thu 22 Feb 2024 09:09:43 PM EST) Repo-exclude : ansible, ansible-core, python38 Repo-filename : /etc/yum.repos.d/Rocky-AppStream.repo Repo-id : baseos Repo-name : Rocky Linux 8 - BaseOS Repo-revision : 8.9 Repo-distro-tags : [cpe:/o:rocky:rocky:8]: , , 8, L, R, c, i, k, n, o, u, x, y Repo-updated : Tue 20 Feb 2024 11:02:37 PM EST Repo-pkgs : 2,258 Repo-available-pkgs: 2,254 Repo-size : 3.3 G Repo-mirrors : https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=BaseOS-8 Repo-baseurl : https://dl.rockylinux.org/pub/rocky/8.9/BaseOS/x86_64/os/ (42 more) Repo-expire : 172,800 second(s) (last: Thu 22 Feb 2024 09:09:43 PM EST) Repo-filename : /etc/yum.repos.d/Rocky-BaseOS.repo Repo-id : centos-ansible-29 Repo-name : CentOS Configmanagement SIG - ansible-29 Repo-revision : 1649329101 Repo-updated : Thu 07 Apr 2022 06:58:21 AM EDT Repo-pkgs : 108 Repo-available-pkgs: 108 Repo-size : 447 M Repo-mirrors : http://mirrorlist.centos.org/?release=8&arch=x86_64&repo=configmanagement-ansible-29 Repo-baseurl : http://mirror.centos.org/centos/8/configmanagement/x86_64/ansible-29/ (0 more) Repo-expire : 172,800 second(s) (last: Thu 22 Feb 2024 09:09:42 PM EST) Repo-filename : /etc/yum.repos.d/CentOS-SIG-ansible-29.repo Repo-id : epel Repo-name : Extra Packages for Enterprise Linux 8 - x86_64 Repo-revision : 1708647956 Repo-updated : Thu 22 Feb 2024 07:31:12 PM EST Repo-pkgs : 10,043 Repo-available-pkgs: 10,038 Repo-size : 18 G Repo-metalink : https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=x86_64&infra=$infra&content=pub/rocky Updated : Thu 22 Feb 2024 09:09:53 PM EST Repo-baseurl : https://mirror.servaxnet.com/epel/8/Everything/x86_64/ (174 more) Repo-expire : 172,800 second(s) (last: Thu 22 Feb 2024 09:09:53 PM EST) Repo-exclude : ansible, ansible-core, python38 Repo-filename : /etc/yum.repos.d/epel.repo Repo-id : extras Repo-name : Rocky Linux 8 - Extras Repo-revision : 1708486847 Repo-distro-tags : [cpe:/o:rocky:rocky:8]: , , 8, L, R, c, i, k, n, o, u, x, y Repo-updated : Tue 20 Feb 2024 10:40:47 PM EST Repo-pkgs : 56 Repo-available-pkgs: 56 Repo-size : 5.7 M Repo-mirrors : https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=extras-8 Repo-baseurl : https://dl.rockylinux.org/pub/rocky/8.9/extras/x86_64/os/ (42 more) Repo-expire : 172,800 second(s) (last: Thu 22 Feb 2024 09:09:44 PM EST) Repo-filename : /etc/yum.repos.d/Rocky-Extras.repo Repo-id : netdata-edge Repo-name : Netdata Edge Repo-revision : 1708650689 Repo-updated : Thu 22 Feb 2024 08:11:29 PM EST Repo-pkgs : 366 Repo-available-pkgs: 366 Repo-size : 1.4 G Repo-baseurl : https://repo.netdata.cloud/repos/edge/el/8/x86_64 Repo-expire : 172,800 second(s) (last: Thu 22 Feb 2024 09:09:42 PM EST) Repo-filename : /etc/yum.repos.d/netdata-edge.repo Repo-id : netdata-repoconfig Repo-name : Netdata Repository Config Repo-revision : 1707123721 Repo-updated : Mon 05 Feb 2024 04:02:01 AM EST Repo-pkgs : 6 Repo-available-pkgs: 6 Repo-size : 42 k Repo-baseurl : https://repo.netdata.cloud/repos/repoconfig/el/8/x86_64 Repo-expire : 172,800 second(s) (last: Thu 22 Feb 2024 09:09:42 PM EST) Repo-filename : /etc/yum.repos.d/netdata-edge.repo Repo-id : powertools Repo-name : Rocky Linux 8 - PowerTools Repo-revision : 8.9 Repo-distro-tags : [cpe:/o:rocky:rocky:8]: , , 8, L, R, c, i, k, n, o, u, x, y Repo-updated : Tue 20 Feb 2024 11:02:00 PM EST Repo-pkgs : 2,516 Repo-available-pkgs: 2,402 Repo-size : 26 G Repo-mirrors : https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=PowerTools-8 Repo-baseurl : http://mirrors.egr.msu.edu/rockylinux/8.9/PowerTools/x86_64/os/ (42 more) Repo-expire : 172,800 second(s) (last: Thu 22 Feb 2024 09:09:44 PM EST) Repo-filename : /etc/yum.repos.d/Rocky-PowerTools.repo Total packages: 22,974 ```

freephile commented 7 months ago

Step 4 comment

Right now we're adding a couple tasks + variables in the apache-php role to install the Remi repo. However, in the larger picture, we should clean up and refactor the playbooks so that we can just include Jeff Geerling's epel and remi roles into our (site) playbook(s).

freephile commented 7 months ago

Oddly ran into a problem with Ansible just hanging after adding the new tasks.

Trying to troubleshoot that, discovered that we're actually using a fairly old Ansible (2.9.x) when 2.16 is the currently available core. If I'm reading it correctly, Ansible core 2.9 was EOL in 2022.

Regardless of our need to upgrade Ansible (and troubleshoot the installation of PHP), we also need to refactor and simplify code paths to ensure all logic that applies to RHEL8 and Rocky8 is consolidated. One gotcha is that there is an old bug in how some ansible facts distinguish between RedHat and Rocky.

ansible_os_family should be RedHat for any installation of Rocky Linux

ansible localhost -m ansible.builtin.setup | grep -i redhat
        "ansible_distribution_file_path": "/etc/redhat-release",
        "ansible_distribution_file_variety": "RedHat",
        "ansible_iscsi_iqn": "iqn.1994-05.com.redhat:e4d53019ed87",

ansible localhost -m ansible.builtin.setup | grep -i os_family
        "ansible_os_family": "Rocky",

As a work-around, we can avoid using the opaque (but accurate) ansible_distribution_file_variety by simply using a more intuitive (and eventually superfluous) 'catch all' conditional like:

when: ansible_os_family in ['RedHat', 'Rocky']

freephile commented 7 months ago

This post https://www.reddit.com/r/ansible/comments/13xdt6h/enabling_dnf_modules_through_ansible/ is an example of installing Remi and PHP8 using Ansible.